This is your China Hack Report: Daily US Tech Defense podcast.
Hey listeners, I’m Ting, your friendly neighborhood China–cyber obsessive, and today’s China Hack Report is…busy.
Let’s start with what Virginia Senator Mark Warner just called out as “still ongoing”: the Chinese Salt Typhoon campaign burrowed deep into U.S. telecom networks. According to Newsmax’s report on Warner’s briefing, Chinese intelligence is still inside core carrier gear, quietly sampling unencrypted voice and signaling traffic across the country, while the FBI and other intel shops argue over how “clean” the networks really are. That means if your calls and texts aren’t end‑to‑end encrypted, assume they’re potentially browsable by a PLA operator in Chengdu with a coffee and a query console.
CybersecurityNews and others now link Salt Typhoon operators Yuyang and Qiu Daibing—both products of Cisco Network Academy—to compromises of more than 80 telecom providers worldwide, abusing Cisco IOS and ASA and even CALEA lawful‑intercept boxes for dragnet collection on U.S. political targets. That is not hypothetical espionage; that is inside‑the‑core, change‑the‑config kind of access.
On the pure malware and 0‑day front, today’s biggest China‑linked headache is still React2Shell, CVE‑2025‑55182. The Hacker News and WIU’s Cybersecurity Center note that at least two PRC‑aligned groups weaponized this React Server Components bug within hours of disclosure, going straight after cloud‑heavy U.S. sectors: SaaS, fintech APIs, dev tools, even OSINT platforms. Think deserialization to remote code execution, no auth required. CISA has already shoved React2Shell into the Known Exploited Vulnerabilities catalog and ordered federal agencies to patch or mitigate immediately, with a December deadline that basically said, “Stop everything and fix this.”
Meanwhile, CISA and Cyber Press are flagging another active front door: Chromium’s ANGLE graphics 0‑day, CVE‑2025‑14174. It’s being used in the wild via malicious HTML—exactly the kind of thing a China‑based intel crew would fold into watering‑hole or spear‑phish chains hitting U.S. think tanks and defense contractors. The directive: push Chrome to at least 131.0.6778.201, Edge to 131.0.3139.95, and lock in rapid auto‑updates across all Chromium browsers.
Add to that CISA’s fresh warning about the BRICKSTORM backdoor used by PRC state hackers for long‑term persistence in VMware vSphere and Windows environments, targeting government and IT providers, as summarized by Hacker News and Security Boulevard. That’s your virtual infrastructure, your management plane, quietly owned.
So, what’s the immediate homework list from CISA and friends? Patch React2Shell everywhere. Force‑update Chromium browsers. Hunt for anomalous VPN, vSphere, and telecom management logins. Turn on strict TLS, kill legacy protocols, and encrypt anything that isn’t nailed down—especially inside telecom and cloud backbones. And yes, do the boring stuff: asset inventories, offline backups, and rehearsed incident‑response playbooks.
I’m Ting, reminding you: in this game, “probably fine” is attacker‑speak for “already pwned.”
Thanks for tuning in, and don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai.
For more
http://www.quietplease.aiGet the best deals
https://amzn.to/3ODvOtaThis content was created in partnership and with the help of Artificial Intelligence AI
